<?php


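  /**
   * Inserts a new row into the members table.
   *
   * Uses the legacy mysql_* extension (removed in PHP 7.0), so this only runs
   * on PHP 5.x; the connection it opens becomes the default link that
   * cleanXSS() relies on.
   *
   * @param string $username Login name as typed by the user (untrusted).
   * @param string $password Plaintext password as typed by the user (untrusted).
   * @return bool True if the INSERT succeeded, false if mysql_query() failed.
   */
  function addMember($username, $password) {
    $host = "localhost";
    $db_name = "test";
    $tbl_name = "members";
    mysql_connect("$host", "", "") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    // cleanXSS() is SQL escaping (mysql_real_escape_string), not HTML escaping;
    // it needs the connection opened above.
    $username = cleanXSS($username);
    // NOTE(review): the password is escaped *before* hashing, so the stored
    // digest is md5(escaped form). Whatever verifies logins must apply the same
    // transformation or passwords containing quotes/backslashes never match.
    // Kept as-is to stay compatible with rows already stored this way.
    $password = cleanXSS($password);
    // NOTE(review): unsalted md5 is not a password hash; password_hash() /
    // password_verify() is the replacement, but switching changes the stored
    // format and must be done together with the login check and existing rows.
    $password = md5($password);

    $sql = "INSERT INTO $tbl_name(username,password) VALUES ('$username', '$password')";
    // Report the outcome instead of discarding it; callers that ignore the
    // return value behave as before.
    return mysql_query($sql) !== false;
  }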
  
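  /**
   * Records a book owned by the user currently logged in.
   *
   * The owner is read from $_SESSION['myusername'], so session_start() must
   * have run and that key must be set; otherwise nothing is inserted.
   *
   * @param string $bookname Title as typed by the user (untrusted).
   * @return bool True if the INSERT succeeded, false if there is no
   *              logged-in user or mysql_query() failed.
   */
  function addBook($bookname) {
    $host = "localhost";
    $db_name = "test";
    $tbl_name = "books";
    mysql_connect("$host", "", "") or die("cannot connect");
    mysql_select_db("$db_name") or die("cannot select DB");

    if (!isset($_SESSION['myusername'])) {
      // No logged-in user to attribute the book to: refuse rather than write
      // a row with an empty owner.
      return false;
    }

    // Both values are interpolated into single-quoted SQL literals, so both
    // must go through cleanXSS() (mysql_real_escape_string on the connection
    // opened above). The session value is escaped too, since its origin is
    // not validated here.
    $username = cleanXSS($_SESSION['myusername']);
    $bookname = cleanXSS($bookname);

    $sql = "INSERT INTO $tbl_name(username,bookname) VALUES ('$username', '$bookname')";
    // Report the outcome instead of discarding it; callers that ignore the
    // return value behave as before.
    return mysql_query($sql) !== false;
  }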
   
  /**
   * Prepares a value for use inside a quoted SQL string literal.
   *
   * Despite the name this is database escaping, not HTML/XSS escaping: it
   * first removes any backslash-escaping already present in the input and
   * then applies mysql_real_escape_string(), which expects an open mysql_*
   * connection. Output destined for HTML still needs htmlspecialchars().
   *
   * @param string $value Raw input.
   * @return string Escaped value ready to embed in a single-quoted literal.
   */
  function cleanXSS($value) {
    $unslashed = stripslashes($value);
    return mysql_real_escape_string($unslashed);
  }
  


  
  
?>
